Add LDAP filter for the filter to prevent security problem #116
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "GLPI CI" | |
| on: | |
| # Runs test suite when a new commit is pushed on "master" and "*/bugfixes" branches | |
| # and when a new tag is created | |
| push: | |
| branches: | |
| - master | |
| - '*/bugfixes' | |
| - 'feature/*' | |
| - 'fix/*' | |
| - 'security/*' | |
| tags: | |
| - '*' | |
| # Runs test suite when a PR is opened or synchronyzed | |
| pull_request: | |
| # Runs test suite every night | |
| schedule: | |
| - cron: '0 0 * * *' | |
| # Enable manual run | |
| workflow_dispatch: | |
| jobs: | |
| lint: | |
| # Do not run scheduled lint on tier repositories | |
| if: github.repository == 'glpi-project/glpi' || github.event_name != 'schedule' | |
| name: "Lint on PHP ${{ matrix.php-version }}" | |
| runs-on: "${{ 'ubuntu-latest' }}" | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - {php-version: "7.2"} # Lint on lower PHP version to detected too early usage of new syntaxes | |
| - {php-version: "8.0"} # Lint on higher PHP version to detected deprecated elements usage | |
| env: | |
| COMPOSE_FILE: ".github/actions/docker-compose-app.yml" | |
| APPLICATION_ROOT: "${{ github.workspace }}" | |
| PHP_IMAGE: "githubactions-php:${{ matrix.php-version }}" | |
| UPDATE_FILES_ACL: true | |
| steps: | |
| - name: "Cancel previous runs" | |
| uses: "styfle/[email protected]" | |
| with: | |
| access_token: "${{ github.token }}" | |
| - name: "Clean workspace" | |
| run: | | |
| echo "APP_CONTAINER_HOME=${{ runner.temp }}/app_home" >> $GITHUB_ENV | |
| rm -rf "${{ env.APPLICATION_ROOT }}/*" | |
| rm -rf "${{ env.APP_CONTAINER_HOME }}/*" | |
| - name: "Checkout" | |
| uses: "actions/checkout@v2" | |
| - name: "Restore dependencies cache" | |
| uses: actions/cache@v2 | |
| with: | |
| path: | | |
| ${{ env.APP_CONTAINER_HOME }}/.composer/cache/ | |
| ${{ env.APP_CONTAINER_HOME }}/.npm/_cacache/ | |
| key: "app_home_deps-${{ matrix.php-version }}-${{ hashFiles('composer.lock', 'package-lock.json') }}" | |
| restore-keys: | | |
| app_home_deps-${{ matrix.php-version }}- | |
| app_home_deps- | |
| - name: "Restore lint cache" | |
| uses: actions/cache@v2 | |
| with: | |
| path: | | |
| ${{ env.APP_CONTAINER_HOME }}/phpcs.cache | |
| key: "app_home_lint-${{ matrix.php-version }}-${{ github.base_ref || github.ref }}" | |
| restore-keys: | | |
| app_home_lint-${{ matrix.php-version }} | |
| app_home_lint- | |
| - name: "Initialize containers" | |
| run: | | |
| .github/actions/init_containers-start.sh | |
| - name: "Show versions" | |
| run: | | |
| .github/actions/init_show-versions.sh | |
| - name: "Install dependencies" | |
| run: | | |
| docker-compose exec -T app .github/actions/init_install-dependencies.sh | |
| - name: "PHP lint" | |
| run: | | |
| docker-compose exec -T app .github/actions/lint_php-lint.sh | |
| - name: "JS lint" | |
| run: | | |
| docker-compose exec -T app .github/actions/lint_js-lint.sh | |
| - name: "Misc lint" | |
| run: | | |
| docker-compose exec -T app .github/actions/lint_misc-lint.sh | |
| - name: "Cleanup containers" | |
| if: always() | |
| run: | | |
| .github/actions/teardown_containers-cleanup.sh | |
| tests: | |
| # Do not run scheduled tests on tier repositories | |
| if: github.repository == 'glpi-project/glpi' || github.event_name != 'schedule' | |
| name: "Test on PHP ${{ matrix.php-version }} using ${{ matrix.db-image }}" | |
| runs-on: "${{ 'ubuntu-latest' }}" | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| # test higher PHP version with higher MariaDB and MySQL versions | |
| - {php-version: "8.0", db-image: "mariadb:10.6", always: true} | |
| - {php-version: "8.0", db-image: "mysql:8.0", always: true} | |
| # test other PHP versions | |
| - {php-version: "7.2", db-image: "mariadb:10.6", always: false} | |
| - {php-version: "7.3", db-image: "mariadb:10.6", always: false} | |
| - {php-version: "7.4", db-image: "mariadb:10.6", always: false} | |
| # test other DB servers/versions | |
| - {php-version: "8.0", db-image: "mariadb:10.1", always: false} | |
| - {php-version: "8.0", db-image: "mysql:5.6", always: false} | |
| - {php-version: "8.0", db-image: "percona:5.6", always: false} | |
| - {php-version: "8.0", db-image: "percona:8.0", always: false} | |
| env: | |
| # Skip jobs that should not be always run on pull requests or on push on tier repository (to limit workers usage). | |
| # No jobs will be skipped on nightly build, manual dispatch or push on main branches (master and */bugfixes) or tags. | |
| # skip: ${{ matrix.always == false && (github.event_name == 'pull_request' || github.repository != 'glpi-project/glpi' || !(github.event_name == 'workflow_dispatch' || github.ref == 'refs/heads/master' || endsWith(github.ref, '/bugfixes') || startsWith(github.ref, 'refs/tags'))) }} | |
| COMPOSE_FILE: ".github/actions/docker-compose-app.yml:.github/actions/docker-compose-services.yml" | |
| APPLICATION_ROOT: "${{ github.workspace }}" | |
| DB_IMAGE: "githubactions-${{ matrix.db-image }}" | |
| PHP_IMAGE: "githubactions-php:${{ matrix.php-version }}" | |
| UPDATE_FILES_ACL: true | |
| steps: | |
| - name: "Cancel previous runs" | |
| if: env.skip != 'true' | |
| uses: "styfle/[email protected]" | |
| with: | |
| access_token: "${{ github.token }}" | |
| - name: "Clean workspace" | |
| if: env.skip != 'true' | |
| run: | | |
| echo "APP_CONTAINER_HOME=${{ runner.temp }}/app_home" >> $GITHUB_ENV | |
| rm -rf "${{ env.APPLICATION_ROOT }}/*" | |
| rm -rf "${{ env.APP_CONTAINER_HOME }}/*" | |
| - name: "Checkout" | |
| if: env.skip != 'true' | |
| uses: "actions/checkout@v2" | |
| - name: "Restore dependencies cache" | |
| if: env.skip != 'true' | |
| uses: actions/cache@v2 | |
| with: | |
| path: | | |
| ${{ env.APP_CONTAINER_HOME }}/.composer/cache/ | |
| ${{ env.APP_CONTAINER_HOME }}/.npm/_cacache/ | |
| key: "app_home_deps-${{ matrix.php-version }}-${{ hashFiles('composer.lock', 'package-lock.json') }}" | |
| restore-keys: | | |
| app_home_deps-${{ matrix.php-version }}- | |
| app_home_deps- | |
| - name: "Initialize containers" | |
| if: env.skip != 'true' | |
| run: | | |
| .github/actions/init_containers-start.sh | |
| - name: "Show versions" | |
| if: env.skip != 'true' | |
| run: | | |
| .github/actions/init_show-versions.sh | |
| - name: "Install dependencies" | |
| if: env.skip != 'true' | |
| run: | | |
| docker-compose exec -T app .github/actions/init_install-dependencies.sh | |
| - name: "Install DB tests" | |
| if: env.skip != 'true' | |
| run: | | |
| docker-compose exec -T app .github/actions/test_install.sh | |
| - name: "Update DB tests" | |
| if: env.skip != 'true' | |
| run: | | |
| .github/actions/init_initialize-old-dbs.sh | |
| docker-compose exec -T app .github/actions/test_update-from-older-version.sh | |
| - name: "Unit tests" | |
| if: env.skip != 'true' | |
| run: | | |
| docker-compose exec -T app .github/actions/test_tests-units.sh | |
| - name: "Functionnal tests" | |
| if: env.skip != 'true' | |
| run: | | |
| docker-compose exec -T app .github/actions/test_tests-functionnal.sh | |
| - name: "LDAP tests" | |
| if: env.skip != 'true' | |
| run: | | |
| .github/actions/init_initialize-ldap-fixtures.sh | |
| docker-compose exec -T app .github/actions/test_tests-ldap.sh | |
| - name: "IMAP tests" | |
| if: env.skip != 'true' | |
| run: | | |
| .github/actions/init_initialize-imap-fixtures.sh | |
| docker-compose exec -T app .github/actions/test_tests-imap.sh | |
| - name: "WEB tests" | |
| if: env.skip != 'true' | |
| run: | | |
| docker-compose exec -T app .github/actions/test_tests-web.sh | |
| - name: "Cleanup containers" | |
| if: env.skip != 'true' && always() | |
| run: | | |
| .github/actions/teardown_containers-cleanup.sh |